54.39.0.140
## IP Intelligence Briefing: 54.39.0.140
Classification: Moderate Risk (Score: 40) | Report Date: 2026-06-20
---
Executive Summary
IP 54.39.0.140 is an OVH cloud hosting endpoint associated with Ahrefs.net infrastructure. The IP presents moderate risk due to its hosting classification, geographic validation anomalies, and high-abuse density neighborhood. No active threat indicators, campaigns, or blacklisting evidence detected.
---
Ownership & Infrastructure
| Attribute | Value |
|---|---|
| **ASN** | 16276 (OVH) |
| **Organization** | Dmytro, Ahrefs Pte Ltd |
| **CIDR Block** | 54.39.0.0/24 |
| **Infrastructure Type** | Cloud Compute / Hosting |
| **Provider** | OVH |
| **Location** | Beauharnois, QC, Canada |
The IP resolves to `proxy-ca004-san140.ahrefs.net` via DNS PTR record, confirming association with Ahrefs infrastructure. The subnet is classified as hosting with cloud compute infrastructure type.
---
Threat Assessment
Risk Indicators:
- Risk Score: 40 (Moderate)
- Abuse Confidence Score: Not available
- Blacklist Count: 0
- Known Attacker: No
- Spam Source: No
- Tor Exit Node: No
Network Classification:
- Hosting: Yes
- CDN: No
- VPN/Proxy: No
- Mobile/Residential: No
Geolocation Anomalies:
- Claimed location: Canada (QC)
- Distance from probe origin: 5,628.6 km
- Violation: RTT 25ms is significantly below minimum possible 112.6ms for this distance
- Geographic validation flagged as implausible
---
Neighborhood Analysis
Subnet: 54.39.0.0/24
- Classification: High Abuse
- Abuse Density: 0.6953 (69.53%)
- Total Siblings: 256
- Active Siblings: 184
- Threat Siblings: 178
- Inherited Risk: 27
The IP resides in a high-abuse density subnet. Approximately 70% of neighbors exhibit abuse indicators, with 178 of 256 total siblings flagged as threats. This contextualizes the moderate risk score within a compromised subnet environment.
---
Historical Observations
Total Observations: 22 signals over monitoring period
Key Historical Signals:
- DNS Resolution: Consistent resolution to `ahrefs.net` domain with CAA records present
- Infrastructure: Confirmed cloud/hosting classification (OVH provider)
- Geolocation: Multiple signals showing RTT violations (25-44ms observed vs. 112.6ms minimum for 5,629km distance)
- Control Plane: DNSSEC valid, CAA records present
No evolution toward malicious activity observed. Signals remain stable with no persistent malicious indicators.
---
Relationships
Relationship Count: 44 entities
- Network Relationships: Multiple entries to OVH-CUST-281059683
- No cross-network relationships detected
- No certificate or hostname associations beyond Ahrefs domain
---
Recommended Actions
No specific threat-based recommendations generated due to lack of active threat indicators. However, the following defensive measures are recommended given the subnet's high-abuse classification:
| Platform | Recommended Action |
|---|---|
| **iptables** | `iptables -A INPUT -s 54.39.0.140 -j DROP` |
| **nftables** | `nft add rule inet filter input ip saddr 54.39.0.140 drop` |
| **nginx** | `deny 54.39.0.140;` |
| **pfSense** | `54.39.0.140/32` |
| **Cloudflare WAF** | Block with expression `ip.src eq 54.39.0.140` |
| **AWS WAF** | Add `54.39.0.140/32` to allowlist deny rules |
Note: Subnet-wide blocking may be warranted given the 69.53% abuse density.
---
Threat Intelligence Narrative
IP 54.39.0.140 operates within OVH cloud infrastructure as part of Ahrefs.net hosting services. The moderate risk score (40) reflects the subnet's high-abuse density environment rather than direct malicious activity. Geographic validation anomalies suggest potential misconfiguration or spoofing. The IP exhibits no active threat indicators, campaigns, or blacklist membership.
Recommended SOC Handling: Monitor but do not automatically block without additional correlation. Consider subnet-level scrutiny given the 178 threat siblings in the 54.39.0.0/24 range. The infrastructure appears to be legitimate cloud hosting with no evidence of active exploitation or command-and-control activity.
---
Data Sources: IPDebrief Intelligence Platform | Analysis Date: 2026-06-20
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
๐ข Ownership & Registration
| Organization | Dmytro, Ahrefs Pte Ltd |
| ASN | AS16276 |
| Network Name | OVH-CUST-281059683 |
| CIDR Block | 54.39.0.0/24 |
| RIR | ARIN |
| Country | Singapore |
| Abuse Contact | โ |
๐ DNS Intelligence
| PTR | proxy-ca004-san140.ahrefs.net |
| Forward Confirmed | No โ PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | proxy-ca004-san140.ahrefs.net |
๐ DNS Hygiene
| Hygiene Score | 40% (Fair) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Present |
โ๏ธ Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Firewalled / No Services |
| Network Tier | Hosting โ Infrastructure provider without advanced routing |
๐ Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Closed Ports | 22, 25, 80, 443, 3389, 8080, 8443 (0 open / 7 scanned) | ||
| Server | โ |
| HTTP Title | โ |
๐ TLS Certificate
| SANs | None |
| Valid From | โ |
| Valid Until | โ |
๐ฏ Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 15% | 2 | 2 |
| ownership | 15% | 2 | 2 |
| reputation | 28% | 1 | 3 |
| geolocation | 39% | 2 | 3 |
| Overall | 24% | 10 | 15 |
| Data Coherence | Mostly Consistent (80%) โ 1 contradiction(s) |
| Attribution | Low (35%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
๐ Observation Timeline ๐ Live
| First Seen | 2026-05-22 03:10:27 UTC |
| Last Seen | 2026-06-28 17:57:00 UTC |
| Profile Built | 2026-06-29 06:00:58 UTC |
| Data Freshness | Live |
| Signal Types | 21 |
| Total Observations | 25 |
Full dossier details are available via our API.